mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
The docs still described Cloudflare as DNS + CDN in front of helsinki-a, but that was dropped in #90 - pez.sh lives on Hetzner DNS via Terraform now and records point straight at the origin. Updated README, architecture, networking, getting-started and the nuremberg-a host doc to match, and noted that pez.solutions still resolves via Cloudflare outside Terraform.

Also fixed while I was in there:

- terraform/README: PagerDuty provider is ~> 3.32 (table said ~> 2.2), and the B2 secret keys are backblaze_keyID/backblaze_applicationKey
- secrets docs: group_vars secrets file is .enc.yaml, dropped the FreeBSD install steps, the long-gone .sops.yaml placeholder note and the ANSIBLE_VAULT_PASS migration note, swapped the cloudflare_record example for hcloud
- getting-started referenced ansible/scripts/sops-setup.sh which doesn't exist
- added naveen.pez.sh to the subdomain tables and a note about the DNS-only records (mail, minecraft, wow, public)

| Name |
|---|
| hosts |
| architecture.md |
| getting-started.md |
| monitoring.md |
| networking.md |
| README.md |
| secrets.md |
| services.md |

Documentation
Everything you need to understand how this infrastructure works.
Contents
- Architecture — High-level overview, network topology, traffic flow diagrams
- Networking — Tailscale mesh, physical networking, DNS and proxy flow
- Services — Complete service map: what runs where, ports, auth
- Monitoring — Grafana Cloud, Alloy, synthetic checks, alerting via PagerDuty
- Secrets — SOPS + age encryption: setup, usage, CI integration
- Getting Started — How to work with this repo, deploy changes, add services
- Hosts — Per-host detail (hardware, services, quirks)
Quick Reference
| Host | Tailscale IP | Location | Role |
|---|---|---|---|
| helsinki-a | 100.67.6.27 | Hetzner Cloud (Helsinki) | Reverse proxy, SSO, Bitwarden, Forgejo |
| london-a | 100.122.180.98 | London | Proxmox VE hypervisor |
| london-b | 100.84.65.101 | London | Storage, media, Docker services |
| london-c | 100.123.72.87 | London | Raspberry Pi, Octopus Energy exporter |
| nuremberg-a | 100.70.180.24 | Hetzner Cloud (Nuremberg) | Mail (poste.io) |
| copenhagen-a | 100.89.206.60 | Copenhagen | Minecraft, WoW/MaNGOS |
| copenhagen-c | 100.115.45.53 | Copenhagen | Raspberry Pi, cloudflared, idle |